Re: [exim] [Pkg-exim4-users] rspamd spam scanning fails afte…

Página Inicial
Delete this message
Reply to this message
Autor: Thomas Hager
Data:  
Para: pkg-exim4-users
CC: exim-users
Assunto: Re: [exim] [Pkg-exim4-users] rspamd spam scanning fails after upgrade to 4.88 bpo on jessie
On Wed, 2017-01-25 at 08:19 +0100, Andreas Metzler wrote:
> Thomas Hager <duke@???> wrote:
> > I updated Exim on my jessie box to 4.88-4~bpo8+1 a few days ago and
> > discovered about now that the update broke spam scanning with
> > rspamd.
> > From the logs:
> > 2017-01-22 08:59:55 1cVD46-0004AB-QI spam acl condition: spamd:
> > failed
> > to connect to any address for 127.0.0.1: Broken pipe
> > 2017-01-22 08:59:55 1cVD46-0004AB-QI spam acl condition: all spamd
> > servers failed
>
> [...]
>
> > Before I take this to the upstream list I'd like to verify if this
> > is
> > an issue with the 4.88 bpo package on jessie.
>
> Hello,
>
> I would be surprised if this was Debian specific. There was a similar
> report in December.
> http://lists.alioth.debian.org/pipermail/pkg-exim4-users/2016-Decembe
> r/002368.html

Hi Andreas,

I cc the Exim users list now, because I found the code, which causes
the described connection failures.

To begin with, reverting the patch described in
https://bugs.exim.org/show_bug.cgi?id=1802 didn't fix the error.

So I dug deeper and found commit fb05276a ("TCP Fast Open"). 

If TCP_FASTOPEN is defined in netinet/tcp.h, Exim 4.88 uses
MSG_FASTOPEN for STREAM sockets. If TFO is not available, the code in
ip.c catches an EOPNOTSUPP error in the call to sendto() and falls back
to connect(). On jessie, sendto() doesn't raise an EOPNOTSUPP error
when Exim tries to connect to rspamd with MSG_FASTOPEN, but raises an
EPIPE error instead.

This error is not caught and Exim is unable to connect to the rspamd
process running on my box.

A small patch fixed this error (see below), but I don't know if this is
the best approach. Maybe Exim should verify if TFO is available and
enabled before using TFO at all on a Linux server.

Cheers,
Tom.

diff --git a/src/src/ip.c b/src/src/ip.c
index 8bb6bed..9d82e49 100644
--- a/src/src/ip.c
+++ b/src/src/ip.c
@@ -236,7 +236,7 @@ connect in FASTOPEN mode but with zero data.
 if (fastopen)
   {
   if (  (rc = sendto(sock, NULL, 0, MSG_FASTOPEN, s_ptr, s_len)) < 0
-     && errno == EOPNOTSUPP
+     && (errno == EOPNOTSUPP || errno == EPIPE )
      )
     {
     DEBUG(D_transport)



-- 
Thomas "Duke" Hager                               duke@???
GPG: 2048R/791C5EB1            http://www.sigsegv.at/gpg/duke.gpg
=================================================================
"Never Underestimate the Power of Stupid People in Large Groups."